Re: [Openvpn-devel] New feature: --ifconfig for tap devices

2003-09-07 Thread Steffen Schütz
Hola Julien,

On Sun, 07 Sep 2003 14:11:27 +0200
julien Touche  wrote:

> 
> some googling drives me to this thread
> http://www.monkey.org/openbsd/archive/tech/0111/msg00098.html
> and
> find /sys -iname '*tap*' returns nothing
> 
> so I'm not sure the OpenBSD stock kernel has tap ...

Yep, OpenBSD has no tap-device support in the kernel.
Some days ago I was at the same point.

> if someone has more information (I will ask about it on misc@)

Someone has been porting the tap-device driver from FreeBSD
to OpenBSD. You can find more at http://diehard.n-r-g.com
Well, the port and patch you can find on this site are not complete
for an out-of-the-box start on OpenBSD 3.3-RELEASE.
The patch is dated November 2001, so you can expect that this won't
work on 3.3-RELEASE. So, you have to modify the files by hand.
What the patch doesn't show is that you have to modify /sys/conf/GENERIC
( and/or GENERIC_PART ) - it needs the following line:

pseudo-device   tap 2 # number of tap device

Further the file if_tap.c needs the function
tapkqfilter; it looks like the following :

/* Stub: present only so the kernel builds; always returns 1. */
int
tapkqfilter(dev_t dev, struct knote *kn)
{
	return (1);
}


Without this function you'll get an error while compiling the new
kernel.
I had success building a kernel with the tap device on OpenBSD/i386 and
on OpenBSD/Sparc64 ( both 3.3 ).
So far so good. On an Intel box using it with openvpn I crashed the
kernel. So far no idea why and no time to get closer to the problem.
Well, on the Sparc64 it's working. Means no kernel crash ;-)
Ok, I tried to get a tunnel working between a linux-intel-box and the
openbsd-sparc-box using openvpn 1.3.1. With a simple setup I only get
a "Peer Connection Initiated with ..." from openvpn on both after
pinging each side. That's all so far. Until now I wasn't able to see
the icmp-packets via tcpdump on both tap devices.
Maybe I don't see the trees in the wood.


Steffen
-- 
It's not the matter to break the wall with your head,
but to find the door with your eyes !



Re: [Openvpn-devel] New feature: --ifconfig for tap devices

2003-09-07 Thread Matthias Andree
On Sun, 07 Sep 2003, julien Touche wrote:

> not sure if tap is available on OpenBSD (have posted it previously to James)

Makes me wonder if we can tunnel between Solaris/OpenBSD on one end and
Winbloze on the other end. Windows apparently only supports "tap" ethertap,
and Solaris and OpenBSD apparently only support "tun" IP tunnels.

> some googling drives me to this thread
> http://www.monkey.org/openbsd/archive/tech/0111/msg00098.html
> and
> find /sys -iname '*tap*' returns nothing
> 
> so I'm not sure the OpenBSD stock kernel has tap ...

I'd think it can be done. Tried loading a "tap" or "if_tap" module or
something? FreeBSD compiles tap as a module that isn't loaded by
default, you need to manually kldload it on FreeBSD.

-- 
Matthias Andree

Encrypt your mail: my GnuPG key ID is 0x052E7D95



Re: [Openvpn-devel] New feature: --ifconfig for tap devices

2003-09-07 Thread julien Touche


James Yonan wrote:

> What I need right now in order to make the TAP version of --ifconfig work
> correctly, is the correct ifconfig command syntax for setting the IP address
> and netmask of a TAP device, on all the OSes which OpenVPN supports.  I've
> already coded templates for Linux and Windows, but I still need to know the
> appropriate ifconfig syntax for FreeBSD, OpenBSD, NetBSD, Solaris, and Mac OS
> X, with respect to setting the IP/netmask on a TAP device.
> 
> So if you are using one of these OSes with OpenVPN + TAP adapter, please let
> us know what kind of ifconfig syntax you use in your --up script to set the
> adapter parameters.


Not sure if tap is available on OpenBSD (have posted it previously to James).

Some googling drives me to this thread
http://www.monkey.org/openbsd/archive/tech/0111/msg00098.html
and
find /sys -iname '*tap*' returns nothing

so I'm not sure the OpenBSD stock kernel has tap ...
If someone has more information (I will ask about it on misc@)


Regards

Julien





Re: [Openvpn-devel] Need 1.5 beta testers for *BSD, Linux 2.2, OS X

2003-09-07 Thread julien Touche


James Yonan wrote:

> I'm thinking about something like this in a more generalized context, where
> OpenVPN running as a server would actually generate the config file for the
> client, and send it to the client via SSL after an initial authentication
> handshake.  This would simplify the configuration on the client side, and
> allow the server to send routes back to the client.



One extra could be:
a client hidden behind a gateway (so no public IP) could
contact and establish a VPN with a public box.

Would it be possible without any relay on the client gateway?


Regards

Julien